Sharing Forms Authentication cookies in SQL Reporting Services

It’s not uncommon for someone to want to integrate their pre-existing ASP.net app (which utilizes Forms Authentication) with Reporting Services. When doing so, we don’t want to force users to logon twice, however – The goal is to have the Forms auth cookie generated by your app work against SSRS, too.

Here’s a quick walkthrough you can use to get handy with this scenario…It will probably take you about 60 minutes to get it all set up the first time round…

  1. Create a simple web app which utilizes forms auth. Use the following KB which gives you lots of easy cut & paste code (I’ll call this app FormsApp from now on):

 

https://support.microsoft.com/kb/301240

 

  1. Setup the SSRS Forms Authentication Sample, using this link (we’ll call this sucker SSRSSamp):

https://msdn.microsoft.com/en-us/library/aa902691.aspx

WARNING! Both of these samples create a “Users” table on SQL Server, and the schema of each table is different…Make sure you create these tables in different databases or rename “Users” to “Users2” in one the scripts that you run.

  1. Make sure both applications work independently of each other, and that you’ve added a user / password to SSRSSamp that has permissions on Reporting Services per the loooong instructions in step 2.

  2. Take the username / password you added in step 3, and manually add it to the FormsApp.Users table with an INSERT statement (you’ve already added User1, User2, and User3…go ahead and add “your” user too):

INSERT INTO FormsApp.Users values('YourUser','YourPW','Admin')

  1. Modify the FormsApp by adding a command button to the default.aspx form. Add code to the button’s click event so that it does a response.redirect to your report server ala:

Response.Redirect(https://MyServer/Reports);

  1. Now, we have to make some changes to the web.config files of each application to get this all working. Read about what we’re about to do here:

https://msdn.microsoft.com/en-us/library/eb0zx8fc.aspx

  1. Open the web.config for the FormsApp, and add the following stuff inside the <system.web> element (you’ll see I’ve pretty much copied this directly from the article in step 6:)

WARNING! Backup web.config whenever we modify it, OK?

<machineKey validationKey= "C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE"

decryptionKey= "8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F" validation="SHA1"/>

The “most important” parts (for this exercise, anyway) will end up looking like this:

<authentication mode="Forms">

   <forms name=".ASPXFORMSDEMO" loginUrl="logon.aspx"

   protection="All" path="/" timeout="60" />

</authentication>

<authorization>

   <deny users ="?" />

   <allow users = "*" />

</authorization>

<machineKey validationKey= "C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE"

decryptionKey= "8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F" validation="SHA1"/>

  1. Now, it’s time to modify web.config found in the C:\Program Files\Microsoft SQL Server\MSSQL\Reporting Services\ReportServer folder…crack it open (and back it up)!

  2. Here’s what the “important” bits should look like. Note that everything in the <authentication> and <machineKey> elements exactly match what we have in the FormsApp web.config file…we’re following the instructions in the MDSN article from step 6. Yay MSDN!:

<authentication mode="Forms">

   <forms loginUrl="logon.aspx" name=".ASPXFORMSDEMO"

   protection="All" timeout="60" path="/"></forms>

</authentication>

<authorization>

   <allow users = "*" />

</authorization>

<machineKey validationKey= "C50B3C89CB21F4F1422FF158A5B42D0E8DB8CB5CDA1742572A487D9401E3400267682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE"

decryptionKey= "8A9BE8FD67AF6979E7D20198CFEA50DD3D3799C77AF2B72F" validation="SHA1"/>

Save your changes, and you’re done. I would go ahead and test each app on its own to make sure they still work, then open up FormsApp, logon, and click your command button – You should land right inside Report Manager.